SlideShare a Scribd company logo

44 Introduction Identifying and assessing risks is.docx

Download as DOCX, PDF
B
blondellchancy

This document provides instructions for developing an outline for an IT risk-mitigation plan. It involves identifying risks, threats and vulnerabilities across the seven domains of a typical IT infrastructure based on a previous qualitative risk assessment. The outline should prioritize risks and include short and long-term remediation steps. It should also define procedures and processes for ongoing risk mitigation. Creating the outline involves reviewing risks across the seven domains and developing a detailed outline with appropriate subtopics and sub-bullets for each domain.

Education
1 of 12
44 Introduction Identifying and assessing risks is challenging, but treating them is another matter entirely. Treating risks means making changes based on a risk assessment and probably a few hard decisions. When treating even the most straightforward of risks, practice due diligence by documenting what steps you are taking to mitigate the risk. If you don’t document the change and the reasoning behind it, it’s possible that your organization could reverse the mitigation and reintroduce the risk based on the notion of “but that’s how we always did it before.” After you’ve addressed a risk, appoint someone to make certain that the risk treatment is being regularly applied. If a security incident arises even with the change in place, having a single person in charge will ensure that any corrective action aligns with the risk-mitigation plan.
You’re not appointing someone so you can blame that person if things go wrong; you are instead investing that individual with the autonomy to manage the incident effectively. The purpose of a risk-mitigation plan is to define and document procedures and processes to establish a baseline for ongoing mitigation of risks in the seven domains of an IT infrastructure. In this lab, you will identify the scope for an IT risk-mitigation plan, you will align the plan’s major parts with the seven domains of an IT infrastructure, you will define the risk-mitigation steps, you will define procedures and processes needed to maintain a security baseline for ongoing mitigation, and you will create an outline for an IT risk-mitigation plan. Learning Objectives Upon completing this lab, you will be able to: Identify the scope for an IT risk-mitigation plan focusing on the seven domains of a typical IT infrastructure. Align the major parts of an IT risk-mitigation plan in each of the seven domains of a typical
IT infrastructure. Define the tactical risk-mitigation steps needed to remediate the identified risks, threats, and vulnerabilities commonly found in the seven domains of a typical IT infrastructure. Define procedures and processes needed to maintain a security baseline definition for ongoing risk mitigation in the seven domains of a typical IT infrastructure. Create an outline for an IT risk-mitigation plan encompassing the seven domains of a typical IT infrastructure. Lab #6 Developing a Risk-Mitigation Plan Outline for an IT Infrastructure 45 Copyright © 2015 by Jones & Bartlett Learning, LLC, an Ascend Learning Company. All rights reserved. www.jblearning.com Student Lab Manual Deliverables
Upon completion of this lab, you are required to provide the following deliverables to your instructor: 1. Lab Report file; 2. Lab Assessments file. 46 | LAB #6 Developing a Risk-Mitigation Plan Outline for an IT Infrastructure Hands-On Steps This is a paper-based lab. To successfully complete the deliverables for this lab, you will need access to Microsoft® Word or another compatible word processor. For some labs, you may also need access to a graphics line drawing application, such as Visio or PowerPoint. Refer to the Preface of this manual for information on creating the lab deliverable files. 1. On your local computer, create the lab deliverable files. 2. Review the Lab Assessment Worksheet. You will find answers to these questions as you proceed through the lab steps. 3. Review the seven domains of a typical IT infrastructure (see Figure 1).
Figure 1 Seven domains of a typical IT infrastructure 4. Using the following table, review the results of your assessments in the Performing a Qualitative Risk Assessment for an IT Infrastructure lab in this lab manual. In addition, review the results of how you categorized and prioritized the risks for the IT infrastructure in that lab: 47 Copyright © 2015 by Jones & Bartlett Learning, LLC, an Ascend Learning Company. All rights reserved. www.jblearning.com Student Lab Manual Risks, Threats, and Vulnerabilities Primary Domain Impacted Risk Impact/ Factor Unauthorized access from public Internet User destroys data in application and deletes all files
Hacker penetrates your IT infrastructure and gains access to your internal network Intraoffice employee romance gone bad Fire destroys primary data center Service provider service level agreement (SLA) is not achieved Workstation operating system (OS) has a known software vulnerability Unauthorized access to organization- owned workstations Loss of production data Denial of service attack on organization Demilitarized Zone (DMZ) and e-mail server Remote communications from home office Local Area Network (LAN) server OS has a known software vulnerability User downloads and clicks on an unknown e-mail attachment
Workstation browser has a software vulnerability Mobile employee needs secure browser access to sales-order entry system Service provider has a major network outage Weak ingress/egress traffic-filtering degrades performance User inserts CDs and USB hard drives with personal photos, music, and videos on organization-owned computers Virtual Private Network (VPN) tunneling between remote computer and ingress/egress router is needed Wireless Local Area Network (WLAN) access points are needed for LAN connectivity within a warehouse Need to prevent eavesdropping on WLAN due to customer privacy data access
Denial of service (DoS)/distributed denial of service (DDoS) attack from the Wide Area Network (WAN)/Internet 48 | LAB #6 Developing a Risk-Mitigation Plan Outline for an IT Infrastructure 5. In your Lab Report file, organize the qualitative risk assessment data according to the following: Qualitative Risk Assessment for an IT Infrastructure lab in this lab manual. vulnerabilities identified throughout the seven domains of a typical IT infrastructure. Fighting Fear In the real world, some managers will accept risk rather than make changes to mitigate it. If they offer up only vague reasons for sticking with the status quo, then their decision is likely based on fear of change. Don’t let their fear stop you from treating the risk. Here are two tips to fight a manager’s fear: Prepare for your manager’s “What if?” questions. Example of a
manager’s question: “What if we apply the firewall but it also stops network traffic we want, such as from our applications?” Your answer: “We’ve tested nearly all applications with the chosen firewall. And we’re prepared to minimize unforeseen outages.” Know, in concrete terms, what will happen if the risk is not treated. Example of a manager’s question: “What is supposed to happen that hasn’t happened already?” Your answer will come from the risk assessment you’ve performed, which will calculate the risk’s likelihood and consequences. 6. On your local computer, open a new Internet browser window. 7. In the address box of your Internet browser, type the URL http://www.mitre.org/publications/systems-engineering- guide/acquisition-systems- engineering/risk-management/risk-impact-assessment-and- prioritization and press Enter to open the Web site. 8. Read the article titled “Risk Impact Assessment and Prioritization.” 9. In your Lab Report file, describe the purpose of prioritizing the risks prior to creating a risk-mitigation plan. 10. In your Lab Report file, describe the elements of an IT risk- mitigation plan outline by covering the following major topics:
organized into the seven domains ulnerabilities identified throughout the IT infrastructure -term remediation steps for critical “1” risks, threats, and vulnerabilities -term remediation steps for major “2” and minor “3” risks, threats, and vulnerabilities T risk-mitigation steps for the seven domains of a typical IT infrastructure solutions 49 Copyright © 2015 by Jones & Bartlett Learning, LLC, an Ascend Learning Company. All rights reserved. www.jblearning.com Student Lab Manual 11. In your Lab Report file, create a detailed IT risk-mitigation
plan outline by inserting appropriate subtopics and sub-bullets. This completes the lab. Close the Web browser, if you have not already done so. 50 | LAB #6 Developing a Risk-Mitigation Plan Outline for an IT Infrastructure Evaluation Criteria and Rubrics The following are the evaluation criteria for this lab that students must perform: 1. Identify the scope for an IT risk-mitigation plan focusing on the seven domains of a typical IT infrastructure. – [20%] 2. Align the major parts of an IT risk-mitigation plan in each of the seven domains of a typical IT infrastructure. – [20%] 3. Define the tactical risk-mitigation steps needed to remediate the identified risks, threats, and vulnerabilities commonly found in the seven domains of a typical IT infrastructure. – [20%] 4. Define procedures and processes needed to maintain a
security baseline definition for ongoing risk mitigation in the seven domains of a typical IT infrastructure. – [20%] 5. Create an outline for an IT risk-mitigation plan encompassing the seven domains of a typical IT infrastructure. – [20%]

Recommended

Managing Riskin InformationSystemsPowered by vLab Solu.docx
Managing Riskin InformationSystemsPowered by vLab Solu.docxManaging Riskin InformationSystemsPowered by vLab Solu.docx
Managing Riskin InformationSystemsPowered by vLab Solu.docxjessiehampson
 
1 Introduction The task of identifying risks in an.docx
1 Introduction The task of identifying risks in an.docx1 Introduction The task of identifying risks in an.docx
1 Introduction The task of identifying risks in an.docxjeremylockett77
 
27 Introduction Risk management begins with first .docx
27 Introduction Risk management begins with first .docx27 Introduction Risk management begins with first .docx
27 Introduction Risk management begins with first .docxlorainedeserre
 
27 Introduction Risk management begins with first .docx
27 Introduction Risk management begins with first .docx27 Introduction Risk management begins with first .docx
27 Introduction Risk management begins with first .docxvickeryr87
 
1 Introduction The task of identifying risks in an.docx
1 Introduction The task of identifying risks in an.docx1 Introduction The task of identifying risks in an.docx
1 Introduction The task of identifying risks in an.docxoswald1horne84988
 
Assessment Worksheet Aligning Risks, Threats, and Vuln.docx
Assessment Worksheet Aligning Risks, Threats, and Vuln.docxAssessment Worksheet Aligning Risks, Threats, and Vuln.docx
Assessment Worksheet Aligning Risks, Threats, and Vuln.docxdavezstarr61655
 
Cyb 610 Inspiring Innovation--tutorialrank.com
Cyb 610 Inspiring Innovation--tutorialrank.comCyb 610 Inspiring Innovation--tutorialrank.com
Cyb 610 Inspiring Innovation--tutorialrank.comPrescottLunt386
 
For this lab assignment, you are identifying IT domains for identi.docx
For this lab assignment, you are identifying IT domains for identi.docxFor this lab assignment, you are identifying IT domains for identi.docx
For this lab assignment, you are identifying IT domains for identi.docxhanneloremccaffery
 

Recommended

Managing Riskin InformationSystemsPowered by vLab Solu.docx
Managing Riskin InformationSystemsPowered by vLab Solu.docxManaging Riskin InformationSystemsPowered by vLab Solu.docx
Managing Riskin InformationSystemsPowered by vLab Solu.docxjessiehampson
 
1 Introduction The task of identifying risks in an.docx
1 Introduction The task of identifying risks in an.docx1 Introduction The task of identifying risks in an.docx
1 Introduction The task of identifying risks in an.docxjeremylockett77
 
27 Introduction Risk management begins with first .docx
27 Introduction Risk management begins with first .docx27 Introduction Risk management begins with first .docx
27 Introduction Risk management begins with first .docxlorainedeserre
 
27 Introduction Risk management begins with first .docx
27 Introduction Risk management begins with first .docx27 Introduction Risk management begins with first .docx
27 Introduction Risk management begins with first .docxvickeryr87
 
1 Introduction The task of identifying risks in an.docx
1 Introduction The task of identifying risks in an.docx1 Introduction The task of identifying risks in an.docx
1 Introduction The task of identifying risks in an.docxoswald1horne84988
 
Assessment Worksheet Aligning Risks, Threats, and Vuln.docx
Assessment Worksheet Aligning Risks, Threats, and Vuln.docxAssessment Worksheet Aligning Risks, Threats, and Vuln.docx
Assessment Worksheet Aligning Risks, Threats, and Vuln.docxdavezstarr61655
 
Cyb 610 Inspiring Innovation--tutorialrank.com
Cyb 610 Inspiring Innovation--tutorialrank.comCyb 610 Inspiring Innovation--tutorialrank.com
Cyb 610 Inspiring Innovation--tutorialrank.comPrescottLunt386
 
For this lab assignment, you are identifying IT domains for identi.docx
For this lab assignment, you are identifying IT domains for identi.docxFor this lab assignment, you are identifying IT domains for identi.docx
For this lab assignment, you are identifying IT domains for identi.docxhanneloremccaffery
 
Five Mistakes of Vulnerability Management
Five Mistakes of Vulnerability ManagementFive Mistakes of Vulnerability Management
Five Mistakes of Vulnerability ManagementAnton Chuvakin
 
The impact of consumerization
The impact of consumerizationThe impact of consumerization
The impact of consumerizationMichel de Goede
 
Many companies and agencies conduct IT audits to test and assess the.docx
Many companies and agencies conduct IT audits to test and assess the.docxMany companies and agencies conduct IT audits to test and assess the.docx
Many companies and agencies conduct IT audits to test and assess the.docxtienboileau
 
CST 630 RANK Remember Education--cst630rank.com
CST 630 RANK Remember Education--cst630rank.comCST 630 RANK Remember Education--cst630rank.com
CST 630 RANK Remember Education--cst630rank.comchrysanthemu49
 
Running Head EXECUTIVE SUMMARY6Executive SummaryS.docx
Running Head EXECUTIVE SUMMARY6Executive SummaryS.docxRunning Head EXECUTIVE SUMMARY6Executive SummaryS.docx
Running Head EXECUTIVE SUMMARY6Executive SummaryS.docxcowinhelen
 
Boardroom to War Room: Practical Application of the NIST Cybersecurity Frame...
Boardroom to War Room: Practical Application of the NIST Cybersecurity Frame...Boardroom to War Room: Practical Application of the NIST Cybersecurity Frame...
Boardroom to War Room: Practical Application of the NIST Cybersecurity Frame...robbiesamuel
 
CST 630 RANK Achievement Education--cst630rank.com
CST 630 RANK Achievement Education--cst630rank.comCST 630 RANK Achievement Education--cst630rank.com
CST 630 RANK Achievement Education--cst630rank.comkopiko147
 
CST 630 RANK Introduction Education--cst630rank.com
CST 630 RANK Introduction Education--cst630rank.comCST 630 RANK Introduction Education--cst630rank.com
CST 630 RANK Introduction Education--cst630rank.comagathachristie266
 
CST 630 RANK Educational Specialist--cst630rank.com
CST 630 RANK Educational Specialist--cst630rank.comCST 630 RANK Educational Specialist--cst630rank.com
CST 630 RANK Educational Specialist--cst630rank.comVSNaipaul15
 
CST 630 RANK Inspiring Innovation--cst630rank.com
CST 630 RANK Inspiring Innovation--cst630rank.comCST 630 RANK Inspiring Innovation--cst630rank.com
CST 630 RANK Inspiring Innovation--cst630rank.comKeatonJennings104
 
CST 630 RANK Become Exceptional--cst630rank.com
CST 630 RANK Become Exceptional--cst630rank.comCST 630 RANK Become Exceptional--cst630rank.com
CST 630 RANK Become Exceptional--cst630rank.comagathachristie113
 
Cyb 610 Your world/newtonhelp.com
Cyb 610 Your world/newtonhelp.comCyb 610 Your world/newtonhelp.com
Cyb 610 Your world/newtonhelp.comamaranthbeg95
 
Cyb 610 Motivated Minds/newtonhelp.com
Cyb 610 Motivated Minds/newtonhelp.comCyb 610 Motivated Minds/newtonhelp.com
Cyb 610 Motivated Minds/newtonhelp.comamaranthbeg55
 
Balbix-New-CISO-Board-Deck.pptx
Balbix-New-CISO-Board-Deck.pptxBalbix-New-CISO-Board-Deck.pptx
Balbix-New-CISO-Board-Deck.pptxjjvdneut
 
Balbix-New-CISO-Board-Deck.pptx
Balbix-New-CISO-Board-Deck.pptxBalbix-New-CISO-Board-Deck.pptx
Balbix-New-CISO-Board-Deck.pptxjjvdneut
 
CST 630 RANK Redefined Education--cst630rank.com
CST 630 RANK Redefined Education--cst630rank.comCST 630 RANK Redefined Education--cst630rank.com
CST 630 RANK Redefined Education--cst630rank.comclaric241
 
Rethinking Risk-Based Project Management in the Emerging IT initiatives.pptx
Rethinking Risk-Based Project Management in the Emerging IT initiatives.pptxRethinking Risk-Based Project Management in the Emerging IT initiatives.pptx
Rethinking Risk-Based Project Management in the Emerging IT initiatives.pptxInflectra
 
A Framework for Developing and Operationalizing Security Use Cases
A Framework for Developing and Operationalizing Security Use CasesA Framework for Developing and Operationalizing Security Use Cases
A Framework for Developing and Operationalizing Security Use CasesRyan Faircloth
 
325838924-Splunk-Use-Case-Framework-Introduction-Session
325838924-Splunk-Use-Case-Framework-Introduction-Session325838924-Splunk-Use-Case-Framework-Introduction-Session
325838924-Splunk-Use-Case-Framework-Introduction-SessionRyan Faircloth
 
Csec 610 Motivated Minds/newtonhelp.com
Csec 610 Motivated Minds/newtonhelp.comCsec 610 Motivated Minds/newtonhelp.com
Csec 610 Motivated Minds/newtonhelp.comamaranthbeg52
 
1. Report contentThe report should demonstrate your understa.docx
1. Report contentThe report should demonstrate your understa.docx1. Report contentThe report should demonstrate your understa.docx
1. Report contentThe report should demonstrate your understa.docxblondellchancy
 
1. Research the assessment process for ELL students in your state. W.docx
1. Research the assessment process for ELL students in your state. W.docx1. Research the assessment process for ELL students in your state. W.docx
1. Research the assessment process for ELL students in your state. W.docxblondellchancy
 

More Related Content

Similar to 44 Introduction Identifying and assessing risks is.docx

Five Mistakes of Vulnerability Management
Five Mistakes of Vulnerability ManagementFive Mistakes of Vulnerability Management
Five Mistakes of Vulnerability ManagementAnton Chuvakin
 
The impact of consumerization
The impact of consumerizationThe impact of consumerization
The impact of consumerizationMichel de Goede
 
Many companies and agencies conduct IT audits to test and assess the.docx
Many companies and agencies conduct IT audits to test and assess the.docxMany companies and agencies conduct IT audits to test and assess the.docx
Many companies and agencies conduct IT audits to test and assess the.docxtienboileau
 
CST 630 RANK Remember Education--cst630rank.com
CST 630 RANK Remember Education--cst630rank.comCST 630 RANK Remember Education--cst630rank.com
CST 630 RANK Remember Education--cst630rank.comchrysanthemu49
 
Running Head EXECUTIVE SUMMARY6Executive SummaryS.docx
Running Head EXECUTIVE SUMMARY6Executive SummaryS.docxRunning Head EXECUTIVE SUMMARY6Executive SummaryS.docx
Running Head EXECUTIVE SUMMARY6Executive SummaryS.docxcowinhelen
 
Boardroom to War Room: Practical Application of the NIST Cybersecurity Frame...
Boardroom to War Room: Practical Application of the NIST Cybersecurity Frame...Boardroom to War Room: Practical Application of the NIST Cybersecurity Frame...
Boardroom to War Room: Practical Application of the NIST Cybersecurity Frame...robbiesamuel
 
CST 630 RANK Achievement Education--cst630rank.com
CST 630 RANK Achievement Education--cst630rank.comCST 630 RANK Achievement Education--cst630rank.com
CST 630 RANK Achievement Education--cst630rank.comkopiko147
 
CST 630 RANK Introduction Education--cst630rank.com
CST 630 RANK Introduction Education--cst630rank.comCST 630 RANK Introduction Education--cst630rank.com
CST 630 RANK Introduction Education--cst630rank.comagathachristie266
 
CST 630 RANK Educational Specialist--cst630rank.com
CST 630 RANK Educational Specialist--cst630rank.comCST 630 RANK Educational Specialist--cst630rank.com
CST 630 RANK Educational Specialist--cst630rank.comVSNaipaul15
 
CST 630 RANK Inspiring Innovation--cst630rank.com
CST 630 RANK Inspiring Innovation--cst630rank.comCST 630 RANK Inspiring Innovation--cst630rank.com
CST 630 RANK Inspiring Innovation--cst630rank.comKeatonJennings104
 
CST 630 RANK Become Exceptional--cst630rank.com
CST 630 RANK Become Exceptional--cst630rank.comCST 630 RANK Become Exceptional--cst630rank.com
CST 630 RANK Become Exceptional--cst630rank.comagathachristie113
 
Cyb 610 Your world/newtonhelp.com
Cyb 610 Your world/newtonhelp.comCyb 610 Your world/newtonhelp.com
Cyb 610 Your world/newtonhelp.comamaranthbeg95
 
Cyb 610 Motivated Minds/newtonhelp.com
Cyb 610 Motivated Minds/newtonhelp.comCyb 610 Motivated Minds/newtonhelp.com
Cyb 610 Motivated Minds/newtonhelp.comamaranthbeg55
 
Balbix-New-CISO-Board-Deck.pptx
Balbix-New-CISO-Board-Deck.pptxBalbix-New-CISO-Board-Deck.pptx
Balbix-New-CISO-Board-Deck.pptxjjvdneut
 
Balbix-New-CISO-Board-Deck.pptx
Balbix-New-CISO-Board-Deck.pptxBalbix-New-CISO-Board-Deck.pptx
Balbix-New-CISO-Board-Deck.pptxjjvdneut
 
CST 630 RANK Redefined Education--cst630rank.com
CST 630 RANK Redefined Education--cst630rank.comCST 630 RANK Redefined Education--cst630rank.com
CST 630 RANK Redefined Education--cst630rank.comclaric241
 
Rethinking Risk-Based Project Management in the Emerging IT initiatives.pptx
Rethinking Risk-Based Project Management in the Emerging IT initiatives.pptxRethinking Risk-Based Project Management in the Emerging IT initiatives.pptx
Rethinking Risk-Based Project Management in the Emerging IT initiatives.pptxInflectra
 
A Framework for Developing and Operationalizing Security Use Cases
A Framework for Developing and Operationalizing Security Use CasesA Framework for Developing and Operationalizing Security Use Cases
A Framework for Developing and Operationalizing Security Use CasesRyan Faircloth
 
325838924-Splunk-Use-Case-Framework-Introduction-Session
325838924-Splunk-Use-Case-Framework-Introduction-Session325838924-Splunk-Use-Case-Framework-Introduction-Session
325838924-Splunk-Use-Case-Framework-Introduction-SessionRyan Faircloth
 
Csec 610 Motivated Minds/newtonhelp.com
Csec 610 Motivated Minds/newtonhelp.comCsec 610 Motivated Minds/newtonhelp.com
Csec 610 Motivated Minds/newtonhelp.comamaranthbeg52
 

Similar to 44 Introduction Identifying and assessing risks is.docx (20)

Five Mistakes of Vulnerability Management
Five Mistakes of Vulnerability ManagementFive Mistakes of Vulnerability Management
Five Mistakes of Vulnerability Management
 
The impact of consumerization
The impact of consumerizationThe impact of consumerization
The impact of consumerization
 
Many companies and agencies conduct IT audits to test and assess the.docx
Many companies and agencies conduct IT audits to test and assess the.docxMany companies and agencies conduct IT audits to test and assess the.docx
Many companies and agencies conduct IT audits to test and assess the.docx
 
CST 630 RANK Remember Education--cst630rank.com
CST 630 RANK Remember Education--cst630rank.comCST 630 RANK Remember Education--cst630rank.com
CST 630 RANK Remember Education--cst630rank.com
 
Running Head EXECUTIVE SUMMARY6Executive SummaryS.docx
Running Head EXECUTIVE SUMMARY6Executive SummaryS.docxRunning Head EXECUTIVE SUMMARY6Executive SummaryS.docx
Running Head EXECUTIVE SUMMARY6Executive SummaryS.docx
 
Boardroom to War Room: Practical Application of the NIST Cybersecurity Frame...
Boardroom to War Room: Practical Application of the NIST Cybersecurity Frame...Boardroom to War Room: Practical Application of the NIST Cybersecurity Frame...
Boardroom to War Room: Practical Application of the NIST Cybersecurity Frame...
 
CST 630 RANK Achievement Education--cst630rank.com
CST 630 RANK Achievement Education--cst630rank.comCST 630 RANK Achievement Education--cst630rank.com
CST 630 RANK Achievement Education--cst630rank.com
 
CST 630 RANK Introduction Education--cst630rank.com
CST 630 RANK Introduction Education--cst630rank.comCST 630 RANK Introduction Education--cst630rank.com
CST 630 RANK Introduction Education--cst630rank.com
 
CST 630 RANK Educational Specialist--cst630rank.com
CST 630 RANK Educational Specialist--cst630rank.comCST 630 RANK Educational Specialist--cst630rank.com
CST 630 RANK Educational Specialist--cst630rank.com
 
CST 630 RANK Inspiring Innovation--cst630rank.com
CST 630 RANK Inspiring Innovation--cst630rank.comCST 630 RANK Inspiring Innovation--cst630rank.com
CST 630 RANK Inspiring Innovation--cst630rank.com
 
CST 630 RANK Become Exceptional--cst630rank.com
CST 630 RANK Become Exceptional--cst630rank.comCST 630 RANK Become Exceptional--cst630rank.com
CST 630 RANK Become Exceptional--cst630rank.com
 
Cyb 610 Your world/newtonhelp.com
Cyb 610 Your world/newtonhelp.comCyb 610 Your world/newtonhelp.com
Cyb 610 Your world/newtonhelp.com
 
Cyb 610 Motivated Minds/newtonhelp.com
Cyb 610 Motivated Minds/newtonhelp.comCyb 610 Motivated Minds/newtonhelp.com
Cyb 610 Motivated Minds/newtonhelp.com
 
Balbix-New-CISO-Board-Deck.pptx
Balbix-New-CISO-Board-Deck.pptxBalbix-New-CISO-Board-Deck.pptx
Balbix-New-CISO-Board-Deck.pptx
 
Balbix-New-CISO-Board-Deck.pptx
Balbix-New-CISO-Board-Deck.pptxBalbix-New-CISO-Board-Deck.pptx
Balbix-New-CISO-Board-Deck.pptx
 
CST 630 RANK Redefined Education--cst630rank.com
CST 630 RANK Redefined Education--cst630rank.comCST 630 RANK Redefined Education--cst630rank.com
CST 630 RANK Redefined Education--cst630rank.com
 
Rethinking Risk-Based Project Management in the Emerging IT initiatives.pptx
Rethinking Risk-Based Project Management in the Emerging IT initiatives.pptxRethinking Risk-Based Project Management in the Emerging IT initiatives.pptx
Rethinking Risk-Based Project Management in the Emerging IT initiatives.pptx
 
A Framework for Developing and Operationalizing Security Use Cases
A Framework for Developing and Operationalizing Security Use CasesA Framework for Developing and Operationalizing Security Use Cases
A Framework for Developing and Operationalizing Security Use Cases
 
325838924-Splunk-Use-Case-Framework-Introduction-Session
325838924-Splunk-Use-Case-Framework-Introduction-Session325838924-Splunk-Use-Case-Framework-Introduction-Session
325838924-Splunk-Use-Case-Framework-Introduction-Session
 
Csec 610 Motivated Minds/newtonhelp.com
Csec 610 Motivated Minds/newtonhelp.comCsec 610 Motivated Minds/newtonhelp.com
Csec 610 Motivated Minds/newtonhelp.com
 

More from blondellchancy

1. Report contentThe report should demonstrate your understa.docx
1. Report contentThe report should demonstrate your understa.docx1. Report contentThe report should demonstrate your understa.docx
1. Report contentThe report should demonstrate your understa.docxblondellchancy
 
1. Research the assessment process for ELL students in your state. W.docx
1. Research the assessment process for ELL students in your state. W.docx1. Research the assessment process for ELL students in your state. W.docx
1. Research the assessment process for ELL students in your state. W.docxblondellchancy
 
1. Reply:2.Reply:.docx
1. Reply:2.Reply:.docx1. Reply:2.Reply:.docx
1. Reply:2.Reply:.docxblondellchancy
 
1. Review the three articles about Inflation that are of any choice..docx
1. Review the three articles about Inflation that are of any choice..docx1. Review the three articles about Inflation that are of any choice..docx
1. Review the three articles about Inflation that are of any choice..docxblondellchancy
 
1. Read the RiskReport to see what requirements are.2. Read the .docx
1. Read the RiskReport to see what requirements are.2. Read the .docx1. Read the RiskReport to see what requirements are.2. Read the .docx
1. Read the RiskReport to see what requirements are.2. Read the .docxblondellchancy
 
1. Quantitative According to the scoring criteria for the BAI, .docx
1. Quantitative According to the scoring criteria for the BAI, .docx1. Quantitative According to the scoring criteria for the BAI, .docx
1. Quantitative According to the scoring criteria for the BAI, .docxblondellchancy
 
1. Prof. Lennart Van der Zeil’s theorem says that any programmin.docx
1. Prof. Lennart Van der Zeil’s theorem says that any programmin.docx1. Prof. Lennart Van der Zeil’s theorem says that any programmin.docx
1. Prof. Lennart Van der Zeil’s theorem says that any programmin.docxblondellchancy
 
1. Review the results of your assessment using the explanation.docx
1. Review the results of your assessment using the explanation.docx1. Review the results of your assessment using the explanation.docx
1. Review the results of your assessment using the explanation.docxblondellchancy
 
1. Search the internet and learn about the cases of nurses Julie.docx
1. Search the internet and learn about the cases of nurses Julie.docx1. Search the internet and learn about the cases of nurses Julie.docx
1. Search the internet and learn about the cases of nurses Julie.docxblondellchancy
 
1. Qualitative or quantitative paperresearch required(Use stati.docx
1. Qualitative or quantitative paperresearch required(Use stati.docx1. Qualitative or quantitative paperresearch required(Use stati.docx
1. Qualitative or quantitative paperresearch required(Use stati.docxblondellchancy
 
1. Prepare a one page paper on associative analysis. You may researc.docx
1. Prepare a one page paper on associative analysis. You may researc.docx1. Prepare a one page paper on associative analysis. You may researc.docx
1. Prepare a one page paper on associative analysis. You may researc.docxblondellchancy
 
1. Prepare a comparative table in which you contrast the charact.docx
1. Prepare a comparative table in which you contrast the charact.docx1. Prepare a comparative table in which you contrast the charact.docx
1. Prepare a comparative table in which you contrast the charact.docxblondellchancy
 
1. Portfolio part II a) APRN protocol also known as collab.docx
1. Portfolio part II a) APRN protocol also known as collab.docx1. Portfolio part II a) APRN protocol also known as collab.docx
1. Portfolio part II a) APRN protocol also known as collab.docxblondellchancy
 
1. Post the link to one news article, preferably a piece of rece.docx
1. Post the link to one news article, preferably a piece of rece.docx1. Post the link to one news article, preferably a piece of rece.docx
1. Post the link to one news article, preferably a piece of rece.docxblondellchancy
 
1. Please explain fixed and flexible budgeting. Provide an examp.docx
1. Please explain fixed and flexible budgeting. Provide an examp.docx1. Please explain fixed and flexible budgeting. Provide an examp.docx
1. Please explain fixed and flexible budgeting. Provide an examp.docxblondellchancy
 
1. Open and print the Week 6 Assignment.2. The assignment .docx
1. Open and print the Week 6 Assignment.2. The assignment .docx1. Open and print the Week 6 Assignment.2. The assignment .docx
1. Open and print the Week 6 Assignment.2. The assignment .docxblondellchancy
 
1. Plato’s Republic takes as its point of departure the question of .docx
1. Plato’s Republic takes as its point of departure the question of .docx1. Plato’s Republic takes as its point of departure the question of .docx
1. Plato’s Republic takes as its point of departure the question of .docxblondellchancy
 
1. Objective Learn why and how to develop a plan that encompasses a.docx
1. Objective Learn why and how to develop a plan that encompasses a.docx1. Objective Learn why and how to develop a plan that encompasses a.docx
1. Objective Learn why and how to develop a plan that encompasses a.docxblondellchancy
 
1. Open the attached Excel Assignment.xlsx” file and name it LastN.docx
1. Open the attached Excel Assignment.xlsx” file and name it LastN.docx1. Open the attached Excel Assignment.xlsx” file and name it LastN.docx
1. Open the attached Excel Assignment.xlsx” file and name it LastN.docxblondellchancy
 
1. must be a research article from either pubmed or google scholar..docx
1. must be a research article from either pubmed or google scholar..docx1. must be a research article from either pubmed or google scholar..docx
1. must be a research article from either pubmed or google scholar..docxblondellchancy
 

More from blondellchancy (20)

1. Report contentThe report should demonstrate your understa.docx
1. Report contentThe report should demonstrate your understa.docx1. Report contentThe report should demonstrate your understa.docx
1. Report contentThe report should demonstrate your understa.docx
 
1. Research the assessment process for ELL students in your state. W.docx
1. Research the assessment process for ELL students in your state. W.docx1. Research the assessment process for ELL students in your state. W.docx
1. Research the assessment process for ELL students in your state. W.docx
 
1. Reply:2.Reply:.docx
1. Reply:2.Reply:.docx1. Reply:2.Reply:.docx
1. Reply:2.Reply:.docx
 
1. Review the three articles about Inflation that are of any choice..docx
1. Review the three articles about Inflation that are of any choice..docx1. Review the three articles about Inflation that are of any choice..docx
1. Review the three articles about Inflation that are of any choice..docx
 
1. Read the RiskReport to see what requirements are.2. Read the .docx
1. Read the RiskReport to see what requirements are.2. Read the .docx1. Read the RiskReport to see what requirements are.2. Read the .docx
1. Read the RiskReport to see what requirements are.2. Read the .docx
 
1. Quantitative According to the scoring criteria for the BAI, .docx
1. Quantitative According to the scoring criteria for the BAI, .docx1. Quantitative According to the scoring criteria for the BAI, .docx
1. Quantitative According to the scoring criteria for the BAI, .docx
 
1. Prof. Lennart Van der Zeil’s theorem says that any programmin.docx
1. Prof. Lennart Van der Zeil’s theorem says that any programmin.docx1. Prof. Lennart Van der Zeil’s theorem says that any programmin.docx
1. Prof. Lennart Van der Zeil’s theorem says that any programmin.docx
 
1. Review the results of your assessment using the explanation.docx
1. Review the results of your assessment using the explanation.docx1. Review the results of your assessment using the explanation.docx
1. Review the results of your assessment using the explanation.docx
 
1. Search the internet and learn about the cases of nurses Julie.docx
1. Search the internet and learn about the cases of nurses Julie.docx1. Search the internet and learn about the cases of nurses Julie.docx
1. Search the internet and learn about the cases of nurses Julie.docx
 
1. Qualitative or quantitative paperresearch required(Use stati.docx
1. Qualitative or quantitative paperresearch required(Use stati.docx1. Qualitative or quantitative paperresearch required(Use stati.docx
1. Qualitative or quantitative paperresearch required(Use stati.docx
 
1. Prepare a one page paper on associative analysis. You may researc.docx
1. Prepare a one page paper on associative analysis. You may researc.docx1. Prepare a one page paper on associative analysis. You may researc.docx
1. Prepare a one page paper on associative analysis. You may researc.docx
 
1. Prepare a comparative table in which you contrast the charact.docx
1. Prepare a comparative table in which you contrast the charact.docx1. Prepare a comparative table in which you contrast the charact.docx
1. Prepare a comparative table in which you contrast the charact.docx
 
1. Portfolio part II a) APRN protocol also known as collab.docx
1. Portfolio part II a) APRN protocol also known as collab.docx1. Portfolio part II a) APRN protocol also known as collab.docx
1. Portfolio part II a) APRN protocol also known as collab.docx
 
1. Post the link to one news article, preferably a piece of rece.docx
1. Post the link to one news article, preferably a piece of rece.docx1. Post the link to one news article, preferably a piece of rece.docx
1. Post the link to one news article, preferably a piece of rece.docx
 
1. Please explain fixed and flexible budgeting. Provide an examp.docx
1. Please explain fixed and flexible budgeting. Provide an examp.docx1. Please explain fixed and flexible budgeting. Provide an examp.docx
1. Please explain fixed and flexible budgeting. Provide an examp.docx
 
1. Open and print the Week 6 Assignment.2. The assignment .docx
1. Open and print the Week 6 Assignment.2. The assignment .docx1. Open and print the Week 6 Assignment.2. The assignment .docx
1. Open and print the Week 6 Assignment.2. The assignment .docx
 
1. Plato’s Republic takes as its point of departure the question of .docx
1. Plato’s Republic takes as its point of departure the question of .docx1. Plato’s Republic takes as its point of departure the question of .docx
1. Plato’s Republic takes as its point of departure the question of .docx
 
1. Objective Learn why and how to develop a plan that encompasses a.docx
1. Objective Learn why and how to develop a plan that encompasses a.docx1. Objective Learn why and how to develop a plan that encompasses a.docx
1. Objective Learn why and how to develop a plan that encompasses a.docx
 
1. Open the attached Excel Assignment.xlsx” file and name it LastN.docx
1. Open the attached Excel Assignment.xlsx” file and name it LastN.docx1. Open the attached Excel Assignment.xlsx” file and name it LastN.docx
1. Open the attached Excel Assignment.xlsx” file and name it LastN.docx
 
1. must be a research article from either pubmed or google scholar..docx
1. must be a research article from either pubmed or google scholar..docx1. must be a research article from either pubmed or google scholar..docx
1. must be a research article from either pubmed or google scholar..docx
 

Recently uploaded

Unit-IV- Pharma. Marketing Channels.pptx
Unit-IV- Pharma. Marketing Channels.pptxUnit-IV- Pharma. Marketing Channels.pptx
Unit-IV- Pharma. Marketing Channels.pptxVishalSingh1417
 
Application orientated numerical on hev.ppt
Application orientated numerical on hev.pptApplication orientated numerical on hev.ppt
Application orientated numerical on hev.pptRamjanShidvankar
 
Introduction to Nonprofit Accounting: The Basics
Introduction to Nonprofit Accounting: The BasicsIntroduction to Nonprofit Accounting: The Basics
Introduction to Nonprofit Accounting: The BasicsTechSoup
 
Web & Social Media Analytics Previous Year Question Paper.pdf
Web & Social Media Analytics Previous Year Question Paper.pdfWeb & Social Media Analytics Previous Year Question Paper.pdf
Web & Social Media Analytics Previous Year Question Paper.pdfJayanti Pande
 
An Overview of Mutual Funds Bcom Project.pdf
An Overview of Mutual Funds Bcom Project.pdfAn Overview of Mutual Funds Bcom Project.pdf
An Overview of Mutual Funds Bcom Project.pdfSanaAli374401
 
Activity 01 - Artificial Culture (1).pdf
Activity 01 - Artificial Culture (1).pdfActivity 01 - Artificial Culture (1).pdf
Activity 01 - Artificial Culture (1).pdfciinovamais
 
Nutritional Needs Presentation - HLTH 104
Nutritional Needs Presentation - HLTH 104Nutritional Needs Presentation - HLTH 104
Nutritional Needs Presentation - HLTH 104misteraugie
 
Advanced Views - Calendar View in Odoo 17
Advanced Views - Calendar View in Odoo 17Advanced Views - Calendar View in Odoo 17
Advanced Views - Calendar View in Odoo 17Celine George
 
Sports & Fitness Value Added Course FY..
Sports & Fitness Value Added Course FY..Sports & Fitness Value Added Course FY..
Sports & Fitness Value Added Course FY..Disha Kariya
 
Holdier Curriculum Vitae (April 2024).pdf
Holdier Curriculum Vitae (April 2024).pdfHoldier Curriculum Vitae (April 2024).pdf
Holdier Curriculum Vitae (April 2024).pdfagholdier
 
Mixin Classes in Odoo 17 How to Extend Models Using Mixin Classes
Mixin Classes in Odoo 17 How to Extend Models Using Mixin ClassesMixin Classes in Odoo 17 How to Extend Models Using Mixin Classes
Mixin Classes in Odoo 17 How to Extend Models Using Mixin ClassesCeline George
 
ICT Role in 21st Century Education & its Challenges.pptx
ICT Role in 21st Century Education & its Challenges.pptxICT Role in 21st Century Education & its Challenges.pptx
ICT Role in 21st Century Education & its Challenges.pptxAreebaZafar22
 
How to Give a Domain for a Field in Odoo 17
How to Give a Domain for a Field in Odoo 17How to Give a Domain for a Field in Odoo 17
How to Give a Domain for a Field in Odoo 17Celine George
 
microwave assisted reaction. General introduction
microwave assisted reaction. General introductionmicrowave assisted reaction. General introduction
microwave assisted reaction. General introductionMaksud Ahmed
 
1029 - Danh muc Sach Giao Khoa 10 . pdf
1029 - Danh muc Sach Giao Khoa 10 . pdf1029 - Danh muc Sach Giao Khoa 10 . pdf
1029 - Danh muc Sach Giao Khoa 10 . pdfQucHHunhnh
 
Unit-V; Pricing (Pharma Marketing Management).pptx
Unit-V; Pricing (Pharma Marketing Management).pptxUnit-V; Pricing (Pharma Marketing Management).pptx
Unit-V; Pricing (Pharma Marketing Management).pptxVishalSingh1417
 
Beyond the EU: DORA and NIS 2 Directive's Global Impact
Beyond the EU: DORA and NIS 2 Directive's Global ImpactBeyond the EU: DORA and NIS 2 Directive's Global Impact
Beyond the EU: DORA and NIS 2 Directive's Global ImpactPECB
 

Recently uploaded (20)

Unit-IV- Pharma. Marketing Channels.pptx
Unit-IV- Pharma. Marketing Channels.pptxUnit-IV- Pharma. Marketing Channels.pptx
Unit-IV- Pharma. Marketing Channels.pptx
 
Application orientated numerical on hev.ppt
Application orientated numerical on hev.pptApplication orientated numerical on hev.ppt
Application orientated numerical on hev.ppt
 
Introduction to Nonprofit Accounting: The Basics
Introduction to Nonprofit Accounting: The BasicsIntroduction to Nonprofit Accounting: The Basics
Introduction to Nonprofit Accounting: The Basics
 
Mehran University Newsletter Vol-X, Issue-I, 2024
Mehran University Newsletter Vol-X, Issue-I, 2024Mehran University Newsletter Vol-X, Issue-I, 2024
Mehran University Newsletter Vol-X, Issue-I, 2024
 
Web & Social Media Analytics Previous Year Question Paper.pdf
Web & Social Media Analytics Previous Year Question Paper.pdfWeb & Social Media Analytics Previous Year Question Paper.pdf
Web & Social Media Analytics Previous Year Question Paper.pdf
 
An Overview of Mutual Funds Bcom Project.pdf
An Overview of Mutual Funds Bcom Project.pdfAn Overview of Mutual Funds Bcom Project.pdf
An Overview of Mutual Funds Bcom Project.pdf
 
Activity 01 - Artificial Culture (1).pdf
Activity 01 - Artificial Culture (1).pdfActivity 01 - Artificial Culture (1).pdf
Activity 01 - Artificial Culture (1).pdf
 
Nutritional Needs Presentation - HLTH 104
Nutritional Needs Presentation - HLTH 104Nutritional Needs Presentation - HLTH 104
Nutritional Needs Presentation - HLTH 104
 
Advanced Views - Calendar View in Odoo 17
Advanced Views - Calendar View in Odoo 17Advanced Views - Calendar View in Odoo 17
Advanced Views - Calendar View in Odoo 17
 
Sports & Fitness Value Added Course FY..
Sports & Fitness Value Added Course FY..Sports & Fitness Value Added Course FY..
Sports & Fitness Value Added Course FY..
 
Holdier Curriculum Vitae (April 2024).pdf
Holdier Curriculum Vitae (April 2024).pdfHoldier Curriculum Vitae (April 2024).pdf
Holdier Curriculum Vitae (April 2024).pdf
 
Mixin Classes in Odoo 17 How to Extend Models Using Mixin Classes
Mixin Classes in Odoo 17 How to Extend Models Using Mixin ClassesMixin Classes in Odoo 17 How to Extend Models Using Mixin Classes
Mixin Classes in Odoo 17 How to Extend Models Using Mixin Classes
 
ICT Role in 21st Century Education & its Challenges.pptx
ICT Role in 21st Century Education & its Challenges.pptxICT Role in 21st Century Education & its Challenges.pptx
ICT Role in 21st Century Education & its Challenges.pptx
 
Código Creativo y Arte de Software | Unidad 1
Código Creativo y Arte de Software | Unidad 1Código Creativo y Arte de Software | Unidad 1
Código Creativo y Arte de Software | Unidad 1
 
How to Give a Domain for a Field in Odoo 17
How to Give a Domain for a Field in Odoo 17How to Give a Domain for a Field in Odoo 17
How to Give a Domain for a Field in Odoo 17
 
INDIA QUIZ 2024 RLAC DELHI UNIVERSITY.pptx
INDIA QUIZ 2024 RLAC DELHI UNIVERSITY.pptxINDIA QUIZ 2024 RLAC DELHI UNIVERSITY.pptx
INDIA QUIZ 2024 RLAC DELHI UNIVERSITY.pptx
 
microwave assisted reaction. General introduction
microwave assisted reaction. General introductionmicrowave assisted reaction. General introduction
microwave assisted reaction. General introduction
 
1029 - Danh muc Sach Giao Khoa 10 . pdf
1029 - Danh muc Sach Giao Khoa 10 . pdf1029 - Danh muc Sach Giao Khoa 10 . pdf
1029 - Danh muc Sach Giao Khoa 10 . pdf
 
Unit-V; Pricing (Pharma Marketing Management).pptx
Unit-V; Pricing (Pharma Marketing Management).pptxUnit-V; Pricing (Pharma Marketing Management).pptx
Unit-V; Pricing (Pharma Marketing Management).pptx
 
Beyond the EU: DORA and NIS 2 Directive's Global Impact
Beyond the EU: DORA and NIS 2 Directive's Global ImpactBeyond the EU: DORA and NIS 2 Directive's Global Impact
Beyond the EU: DORA and NIS 2 Directive's Global Impact
 

44 Introduction Identifying and assessing risks is.docx

  • 1. 44 Introduction Identifying and assessing risks is challenging, but treating them is another matter entirely. Treating risks means making changes based on a risk assessment and probably a few hard decisions. When treating even the most straightforward of risks, practice due diligence by documenting what steps you are taking to mitigate the risk. If you don’t document the change and the reasoning behind it, it’s possible that your organization could reverse the mitigation and reintroduce the risk based on the notion of “but that’s how we always did it before.” After you’ve addressed a risk, appoint someone to make certain that the risk treatment is being regularly applied. If a security incident arises even with the change in place, having a single person in charge will ensure that any corrective action aligns with the risk-mitigation plan.
  • 2. You’re not appointing someone so you can blame that person if things go wrong; you are instead investing that individual with the autonomy to manage the incident effectively. The purpose of a risk-mitigation plan is to define and document procedures and processes to establish a baseline for ongoing mitigation of risks in the seven domains of an IT infrastructure. In this lab, you will identify the scope for an IT risk-mitigation plan, you will align the plan’s major parts with the seven domains of an IT infrastructure, you will define the risk-mitigation steps, you will define procedures and processes needed to maintain a security baseline for ongoing mitigation, and you will create an outline for an IT risk-mitigation plan. Learning Objectives Upon completing this lab, you will be able to: Identify the scope for an IT risk-mitigation plan focusing on the seven domains of a typical IT infrastructure. Align the major parts of an IT risk-mitigation plan in each of the seven domains of a typical
  • 3. IT infrastructure. Define the tactical risk-mitigation steps needed to remediate the identified risks, threats, and vulnerabilities commonly found in the seven domains of a typical IT infrastructure. Define procedures and processes needed to maintain a security baseline definition for ongoing risk mitigation in the seven domains of a typical IT infrastructure. Create an outline for an IT risk-mitigation plan encompassing the seven domains of a typical IT infrastructure. Lab #6 Developing a Risk-Mitigation Plan Outline for an IT Infrastructure 45 Copyright © 2015 by Jones & Bartlett Learning, LLC, an Ascend Learning Company. All rights reserved. www.jblearning.com Student Lab Manual Deliverables
  • 4. Upon completion of this lab, you are required to provide the following deliverables to your instructor: 1. Lab Report file; 2. Lab Assessments file. 46 | LAB #6 Developing a Risk-Mitigation Plan Outline for an IT Infrastructure Hands-On Steps This is a paper-based lab. To successfully complete the deliverables for this lab, you will need access to Microsoft® Word or another compatible word processor. For some labs, you may also need access to a graphics line drawing application, such as Visio or PowerPoint. Refer to the Preface of this manual for information on creating the lab deliverable files. 1. On your local computer, create the lab deliverable files. 2. Review the Lab Assessment Worksheet. You will find answers to these questions as you proceed through the lab steps. 3. Review the seven domains of a typical IT infrastructure (see Figure 1).
  • 5. Figure 1 Seven domains of a typical IT infrastructure 4. Using the following table, review the results of your assessments in the Performing a Qualitative Risk Assessment for an IT Infrastructure lab in this lab manual. In addition, review the results of how you categorized and prioritized the risks for the IT infrastructure in that lab: 47 Copyright © 2015 by Jones & Bartlett Learning, LLC, an Ascend Learning Company. All rights reserved. www.jblearning.com Student Lab Manual Risks, Threats, and Vulnerabilities Primary Domain Impacted Risk Impact/ Factor Unauthorized access from public Internet User destroys data in application and deletes all files
  • 6. Hacker penetrates your IT infrastructure and gains access to your internal network Intraoffice employee romance gone bad Fire destroys primary data center Service provider service level agreement (SLA) is not achieved Workstation operating system (OS) has a known software vulnerability Unauthorized access to organization- owned workstations Loss of production data Denial of service attack on organization Demilitarized Zone (DMZ) and e-mail server Remote communications from home office Local Area Network (LAN) server OS has a known software vulnerability User downloads and clicks on an unknown e-mail attachment
  • 7. Workstation browser has a software vulnerability Mobile employee needs secure browser access to sales-order entry system Service provider has a major network outage Weak ingress/egress traffic-filtering degrades performance User inserts CDs and USB hard drives with personal photos, music, and videos on organization-owned computers Virtual Private Network (VPN) tunneling between remote computer and ingress/egress router is needed Wireless Local Area Network (WLAN) access points are needed for LAN connectivity within a warehouse Need to prevent eavesdropping on WLAN due to customer privacy data access
  • 8. Denial of service (DoS)/distributed denial of service (DDoS) attack from the Wide Area Network (WAN)/Internet 48 | LAB #6 Developing a Risk-Mitigation Plan Outline for an IT Infrastructure 5. In your Lab Report file, organize the qualitative risk assessment data according to the following: Qualitative Risk Assessment for an IT Infrastructure lab in this lab manual. vulnerabilities identified throughout the seven domains of a typical IT infrastructure. Fighting Fear In the real world, some managers will accept risk rather than make changes to mitigate it. If they offer up only vague reasons for sticking with the status quo, then their decision is likely based on fear of change. Don’t let their fear stop you from treating the risk. Here are two tips to fight a manager’s fear: Prepare for your manager’s “What if?” questions. Example of a
  • 9. manager’s question: “What if we apply the firewall but it also stops network traffic we want, such as from our applications?” Your answer: “We’ve tested nearly all applications with the chosen firewall. And we’re prepared to minimize unforeseen outages.” Know, in concrete terms, what will happen if the risk is not treated. Example of a manager’s question: “What is supposed to happen that hasn’t happened already?” Your answer will come from the risk assessment you’ve performed, which will calculate the risk’s likelihood and consequences. 6. On your local computer, open a new Internet browser window. 7. In the address box of your Internet browser, type the URL http://www.mitre.org/publications/systems-engineering- guide/acquisition-systems- engineering/risk-management/risk-impact-assessment-and- prioritization and press Enter to open the Web site. 8. Read the article titled “Risk Impact Assessment and Prioritization.” 9. In your Lab Report file, describe the purpose of prioritizing the risks prior to creating a risk-mitigation plan. 10. In your Lab Report file, describe the elements of an IT risk- mitigation plan outline by covering the following major topics:
  • 10. organized into the seven domains ulnerabilities identified throughout the IT infrastructure -term remediation steps for critical “1” risks, threats, and vulnerabilities -term remediation steps for major “2” and minor “3” risks, threats, and vulnerabilities T risk-mitigation steps for the seven domains of a typical IT infrastructure solutions 49 Copyright © 2015 by Jones & Bartlett Learning, LLC, an Ascend Learning Company. All rights reserved. www.jblearning.com Student Lab Manual 11. In your Lab Report file, create a detailed IT risk-mitigation
  • 11. plan outline by inserting appropriate subtopics and sub-bullets. This completes the lab. Close the Web browser, if you have not already done so. 50 | LAB #6 Developing a Risk-Mitigation Plan Outline for an IT Infrastructure Evaluation Criteria and Rubrics The following are the evaluation criteria for this lab that students must perform: 1. Identify the scope for an IT risk-mitigation plan focusing on the seven domains of a typical IT infrastructure. – [20%] 2. Align the major parts of an IT risk-mitigation plan in each of the seven domains of a typical IT infrastructure. – [20%] 3. Define the tactical risk-mitigation steps needed to remediate the identified risks, threats, and vulnerabilities commonly found in the seven domains of a typical IT infrastructure. – [20%] 4. Define procedures and processes needed to maintain a
  • 12. security baseline definition for ongoing risk mitigation in the seven domains of a typical IT infrastructure. – [20%] 5. Create an outline for an IT risk-mitigation plan encompassing the seven domains of a typical IT infrastructure. – [20%]